Help. Cant remove virus

Ladywriter1968 · 27 February 2013 at 8:20PM

AVG has detected this: C\windows 32\logonui.exe luhe.gen.b which I think is same thing, I read that apparently its connected to when you log on and off. AVG cant remove and states I will have to do this manually. I have no idea how to do this.

Is there a program I can download that will do this for me? only AVG will not remove as it states its connected to the system, now if that dont trust itself as a virus program what chance have I got or removal without wiping my pc or something?

Thanks

waddler_8 · 27 February 2013 at 10:05PM

Upload the file to virustotal so others scanners can scan it - to rule out a false poistive by AVG.

C:\windows\system32\logonui.exe

https://www.virustotal.com/en/

Ladywriter1968 · 27 February 2013 at 10:51PM

it says on avg that it the dirty file has been replaced by the good file so cant be fixed. bloody computers and viruses.

Ladywriter1968 · 27 February 2013 at 10:53PM

waddler_8 wrote: »

Upload the file to virustotal so others scanners can scan it - to rule out a false poistive by AVG.

C:\windows\system32\logonui.exe

https://www.virustotal.com/en/

I dont know how to get the logonui file in the bar to search for it? I dont know where it is in the system as so many files and it says upload file?

ok worked it out thank you

waddler_8 · 27 February 2013 at 10:55PM

Did you upload it?

It might be a false positive.

If it is infected, then it will need replacing with a clean copy. You can't delete it as it is a system file.

Again, if it is infected then it may be a pointer to other files being infected too.

Ladywriter1968 · 27 February 2013 at 11:00PM

info received, now what do I do?

SHA256: dc3bf76c5b5256669b60808536ed3458d86765c606a9d482ee9c92ace99face2
File name: LOGONUI.EXE
Detection ratio: 8 / 45
Analysis date: 2013-02-27 21:57:39 UTC ( 1 minute ago )
0 0
More details
Analysis
Additional information
Comments
Votes
Antivirus Result Update
Agnitum - 20130227
AntiVir TR/Crypt.XPACK.Gen 20130227
Antiy-AVL - 20130227
Avast - 20130227
AVG Suspicion: unknown virus 20130227
BitDefender - 20130227
ByteHero - 20130227
CAT-QuickHeal - 20130227
ClamAV - 20130227
Commtouch - 20130227
Comodo - 20130227
DrWeb - 20130227
Emsisoft - 20130227
eSafe - 20130211
ESET-NOD32 - 20130227
F-Prot - 20130227
F-Secure - 20130227
Fortinet - 20130227
GData - 20130227
Ikarus Virus.Win32.Virut 20130226
Jiangmin - 20130227
K7AntiVirus - 20130227
Kaspersky - 20130227
Kingsoft Win32.Troj.Generic.(kcloud) 20130225
Malwarebytes - 20130227
McAfee - 20130227
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Suspicious-BAY.K 20130227
Microsoft - 20130227
MicroWorld-eScan - 20130227
NANO-Antivirus - 20130227
Norman Suspicious_Gen4.ATYUF 20130227
nProtect Trojan/W32.Jorik.542208 20130227
Panda - 20130227
PCTools - 20130225
Rising - 20130227
Sophos - 20130227
SUPERAntiSpyware - 20130227
Symantec - 20130227
TheHacker - 20130226
TotalDefense - 20130227
TrendMicro - 20130227
TrendMicro-HouseCall - 20130227
VBA32 - 20130227
VIPRE Backdoor.IRCBot 20130227
ViRobot - 20130227

Ladywriter1968 · 27 February 2013 at 11:03PM

waddler_8 wrote: »

Did you upload it?

It might be a false positive.

If it is infected, then it will need replacing with a clean copy. You can't delete it as it is a system file.

Again, if it is infected then it may be a pointer to other files being infected too.

on crap crap crap! say I say badder words, that means I will have to reinstall all? and lose everything all my work.... excuse me but bloody !!!!!!!s out there doing this.

What if I take to pc man shop maybe he can do it without me losing all, as I aint a clue on that part!

Thank you for your help

Ladywriter1968 · 27 February 2013 at 11:04PM

waddler_8 wrote: »

Did you upload it?

It might be a false positive.

If it is infected, then it will need replacing with a clean copy. You can't delete it as it is a system file.

Again, if it is infected then it may be a pointer to other files being infected too.

I have a bad feeling here, as think other files are sick to.

waddler_8 · 27 February 2013 at 11:08PM

Yes, that doesn't look good to be honest, one mentions Virut - a true file infecting virus. If it is, the best thing to do is backup your personal docs and restore/reinstall windows.

Go here

http://www.eset.co.uk/Antivirus-Utilities/Online-Scanner

Click on Scan now.
Select the option YES, I accept the Terms of Use then click on: START
When prompted allow the Add-On/Active X to install.
Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:
- Scan for potentially unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth Technology
Now click on: START
The virus signature database will begin to download.
When completed the Online Scan will begin automatically.
When completed make sure you first copy the logfile located at
C:\Program Files\ESET\EsetOnlineScanner\log.txt
Copy and paste that log here.

macman · 28 February 2013 at 10:42AM

Do you not have a back up of your data already? The time to back up is before disaster strikes, not after.

waddler_8 · 28 February 2013 at 2:11PM

Hopefully the OP does have backups as a reinstall is by far the best choice when it comes to Virut (If it is confirmed as a Virut variant).

http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?name=win32%2fvirut

http://miekiemoes.blogspot.co.uk/2009/02/virut-and-other-file-infectors-throwing.html

Help. Cant remove virus

Comments

Confirm your email address to Create Threads and Reply

🚀 Getting Started

Categories

Is this how you want to be seen?

Get our FREE Weekly email full of deals & guides - and it’s spam-free